shell-things/etc/opt/chromium/policies/managed
2024-04-25 14:01:54 +03:00
..
.editorconfig chromium: declare more things as .badidea 2024-04-25 14:01:54 +03:00
.gitattributes chromium: declare more things as .badidea 2024-04-25 14:01:54 +03:00
aminda-extensions.json chromium: exclude bittimittari.fi 2024-04-22 10:09:28 +03:00
brave-shields-disabled.json chromium: exclude bittimittari.fi 2024-04-22 10:09:28 +03:00
disable-brave-ipfs.json chromium: add brave IPFS disabling policy 2024-04-22 10:03:53 +03:00
disable-brave-rewards-wallet.json chromium: move brave feature disabling from recommended to managed for actual effect 2024-04-16 07:11:55 +03:00
disable-brave-tor.json chromium: move brave feature disabling from recommended to managed for actual effect 2024-04-16 07:11:55 +03:00
disable-brave-vpn.json brave: use boolean for disabling vpn 2024-04-10 11:16:55 +03:00
disable-floc.json chromium: add multiple mutually incompatible policy files 2024-02-04 10:21:10 +02:00
disable-incognito.json.badidea chromium: declare more things as .badidea 2024-04-25 14:01:54 +03:00
dns-over-https.json.badidea chromium: add dns-over-https.json.badidea and declare it as a bad idea 2024-04-25 13:57:01 +03:00
doh-cloudflare-secure.json chromium: allow DoH downgrade to at least work. Breaks ECH :( 2024-04-25 08:15:28 +03:00
doh-dns0-kids.json chromium: allow DoH downgrade to at least work. Breaks ECH :( 2024-04-25 08:15:28 +03:00
doh-dns0-open.json chromium: allow DoH downgrade to at least work. Breaks ECH :( 2024-04-25 08:15:28 +03:00
doh-dns0-zero.json chromium: allow DoH downgrade to at least work. Breaks ECH :( 2024-04-25 08:15:28 +03:00
doh-dns0.json chromium: allow DoH downgrade to at least work. Breaks ECH :( 2024-04-25 08:15:28 +03:00
doh-mullvad-base.json chromium: allow DoH downgrade to at least work. Breaks ECH :( 2024-04-25 08:15:28 +03:00
doh-quad9-ecs.json chromium: allow DoH downgrade to at least work. Breaks ECH :( 2024-04-25 08:15:28 +03:00
doh-quad9-insecure-ecs.json.badidea chromium: declare more things as .badidea 2024-04-25 14:01:54 +03:00
doh-quad9-insecure.json.badidea chromium: declare more things as .badidea 2024-04-25 14:01:54 +03:00
doh-quad9.json chromium: allow DoH downgrade to at least work. Breaks ECH :( 2024-04-25 08:15:28 +03:00
doh-unlocked-unset.json chromium: merge doh-forced to the doh files due to it being required anyway, update documentation, rename doh-allowed → doh-unlocked-unset 2024-04-21 14:00:39 +03:00
enable-ech-ocsp.json chromium/enable-ech-ocsp.json: remove not strictly releated policies 2024-04-20 07:47:31 +03:00
enable-labs.json chromium/managed: add enable-labs.json 2024-04-15 21:08:56 +03:00
fix-edge-search.json chromium: move edge policy from recommended searches to managed/fix-edge-search.json 2024-03-28 18:53:15 +02:00
force-incognito.json.badidea chromium: declare more things as .badidea 2024-04-25 14:01:54 +03:00
https-everywhere.json chrome policies: force_enable HttpsOnlyMode 2024-01-31 14:12:21 +02:00
README.md chromium: declare more things as .badidea 2024-04-25 14:01:54 +03:00

Chromium policies

aminda-extensions.json

As I cannot separate the keys to multiple files I am forced to keep them in one and separate by what the file does, aminda-extensions.json is unlikely to overlap with someone else.

Changing normal_installed to force_installed would also prevent uninstallation.

This does contain some bloat or something not necessary in all situations or even overlapping extensions, but there is an important side goal of teaching users to disable extraneous extensions they dont need (unless I decide they do need something and thus its force_installed.

Silk - Privacy Pass Client for the browser

  • ajhmfdgkijocedmfjonnpjfojldioehi

Silk or Privacy Pass has a chance of decreasing the amount of captchas especially from Cloudflare when “suspicious” traffic is detected.

To intentionally trigger it and what should be allowed in NoScript:

NoScript

  • doojmbjmlfjjnbmnoijecmcbfeoakpjm

Not actually installed by aminda-extensions.json anymore due to self-reflection and deciding its a bit much to push on unsuspecting family members.

Appears to make the internet much more pleasant and less distracting in 2024 eliminating the cookie banners and all, while not trusting lists generated by other people.

OpenDyslexic

  • cdnapgfjopgaggbmfgbiinmmbdcglnam

OpenDyslexic font + highlighting for currently pointed paragraph. Improves my reading especially with more busy articles, even without dyslexia.

IPvFoo

  • ecanpcehffngcegjmadlcijfolapggal

Dark Reader

  • eimadpbcbfnmbkopoojfekhnkhdbieeh

As playing around with these policies and constantly removing the profile directory doesnt help my migraine.

Indiewiki Buddy

  • fkagelmloambgokoeokbpihmgpkbgbfm

I am spoilt by how nice Breezewiki is to use and wikis existing outside of Fandom is good to be reminded about occassionally. And I just happened to stay in not so hardened Chromium for a bit due to hardened Firefox being too much for my task and there is no reason occassionally needed Chromium shouldnt be tolerable for a few minutes.

Floccus bookmarks sync

  • fnaicdffflnofjppbagibeoednhnbjhg

Bookmarks sync either through selfhosted webdav or Google Drive working even across different web browsers.

Wayback Machine

  • fpnmgdkabkmnadcjpehmlllkndpkmiak

web.archive.org saving and discovering.

Privacy Manager

  • giccehglhacakcfemddmfhdkahamfcmd

Quick browser options and data removal on startup. Maybe beneficial if incognito is disabled (which again is not great idea for quick guest access?)

Terms of Service; Didnt Read

  • hjdoplcnndgiblooccencgcggcoihigg

Fedora User Agent

  • hojggiaghnldpcknpbciehjcaoafceil

Communicates websites that Ubuntu isnt the only Linux distribution and makes some offer rpm packages directly.

IPvFooBar

  • iimpkhokkfekbpmoamlmcndclohnehhk

Chrome Remote Desktop

  • inomeogfingihgjfjlpeplalcfajhgai

Remote support integrated to Chrome.

The additional component is:

  • Debian: https://dl.google.com/linux/direct/chrome-remote-desktop_current_amd64.deb
  • Others: unsupported

Bias Finder

Political bias of English language media sites powered by allsides.com

Snowflake

  • mafpmfcccpbjnhfhjnllmmalhifmlcie

Helps bridge traffic to Tor by looking like WebRTC call.

AdNauseam

  • mlojlfildnehdpnlmpkeiiglhhkofhpb

Complementing PrivacyBadger with an adblocker so first profile runs have at least something to block Malvertising now that I no longer enable NoScript out of the box.

IPFS Companion

  • nibjojkomfdiaoajekhjakgkdhaomnch

IPFS integration for web browsers.

Bitwarden

  • nngceckbapebfimnlniiiahkandclblb

The password manager of my choice.

UpdateSWH

  • palihjnakafgffnompkdfgbgdbcagbko

Adds a floating coloured button to source code forges reflecting the status of it being in Software Heritage Archive and allows quick archiving requests to be made.

Privacy Badger

  • pkehgijcmpdhfbdbbnkijodmdjhbjlgp

Configured to learn locally and also in incognito as opposed to only relying on vendor list. Also not display the “Welcome to Privacy Badger screen”.

See also:

TODO/Inconsistencies

brave-shields-disabled.json

Allowlist for sites where I think Brave Shields may be breaking things. Similar is also in aminda-extensions.json for Privacy Badger.

disable-brave-rewards-wallet.json

Disables Brave rewards and wallet.

disable-brave-tor.json

Disables Tor in Brave as I recommend using Tor Browser instead.

disable-brave-vpn.json

Disables Brave VPN, which is the most annoying feature that has group policy that I can see.

disable-floc.json

Disables floc or ad topics that are against privacy.

disable-incognito.json.badidea

Disables incognito mode. I dont recommend this.

doh-cloudflare-secure.json

Sets Cloudflare with malware protection as the forced DNS-over-HTTPS server.

doh-unlocked-unset.json

If no DNS over HTTPS policy is used, this unlocks the setting. Enabling managed policies disable it by default.

My other doh-*.json set this as well, because secure doesnt allow downgrade to system resolver and Chromium seems somewhat unreliable with it often reporting DNS_PROBE_POSSIBLE and while this occassionally disables ECH, it works and my system resolvers are encrypted. I hope they will implement ECH with system resolver soon to fix this.

doh-dns0.json

Simply forces DNS-over-HTTPS with DNS0.eu.

doh-mullvad-base.json

Forces DNS-over-HTTPS with Mullvad Base, which features ad, malware & tracker blocking.

doh-quad9-ecs.json

Forces DNS over HTTPS with Quad9 ECS enabled threat-blocking server and also contains their alternative port.

doh-quad9-insecure-ecs.json.badidea

Forces DNS over HTTPS with Quad9 ECS enabled unfiltered server and also contains their alternative port. No DNSSEC either.

doh-quad9-insecure.json.badidea

Forces DNS over HTTPS with Quad9 unfiltered server and also contains their alternative port. No DNSSEC either.

doh-quad9.json

Forces DNS over HTTPS with Quad9 threat-blocking server and also contains their alternative port.

enable-ech-ocsp.json

Enables encrypted client hello (ECH) and Online Certificate Status Protocol (OCSP) (or Certificate Revocation List (CRL)?) checks.

However ECH requires "DnsOverHttpsMode": "secure" which will break things (and thus my files dont enable it), or it will occassionally get disabled (I hope they implement it with system resolver soon).

enable-labs.json

Enables the beaker button “Experiments” for easier management than about:flags.

fix-edge-search.json

Tells Microsoft Edge to redirect queries from new tab search box to URL bar effectively forcing it to respect user configured search engine instead of stealthily sending those queries to Bing.

force-incognito.json.badidea

Forces incognito mode. I dont recommend this.

https-everywhere.json

Enforces https and attempts to upgrade http to https.

README.md

You are reading this file, are you not?